BugZero | Cisco BugID CSCvp05558 - Per-packet load-balancing of Radius packets and in...

OPERATIONAL DEFECT DATABASE

...

BugZero | Cisco BugID CSCvp05558 - Per-packet load-balancing of Radius packets and in...

Cisco - Defect ID: CSCvp05558

Per-packet load-balancing of Radius packets and invalid fragmentation

Cisco - Defect ID: CSCvp05558

Per-packet load-balancing of Radius packets and invalid fragmentation

Last updated on April 27th, 2025

BugZero Risk Score
3.1 Low

Overall: 3.1

Severity: 3.7

Lifecycle: 4.0

Popularity: 5.1

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Description

Symptom

Hosts cannot authenticate to AAA server.

Conditions

- EAP-TLS is used by end-points creating a need to generate Radius packet >1500B which eventually lead to packet fragmentation (this occurs also when jumbo frames are configured on the switch), - fragmented packets are load-balanced per-packet (not per-flow) and can be dropped if there is some security devices in between switch and AAA server which cannot reconcile radius packets coming on different interfaces leading to packet drop.

Workaround

a) configure: "ip cef load-sharing algorithm original" which will force all packets to go the same path b) disable redundant links on the switch towards AAA server.

Further Problem Description

As per current design, application should not inject packet greater than 1500. It application needs to inject packets greater than 1500, use above workarounds.

Change history

2025-04-27 Added: 16.6.4, 16.9.3

Top Cisco Defects

9.7Defect ID: CSCwh87343
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
9.7Defect ID: CSCwf08698
Cat9k Crashes Unexpectedly due to a Fault in the 'TLSCLIENT_PROCESS'
9.7Defect ID: CSCvm90995
ASR1000-RP2: Rommon fails to boot Cisco IOS software of 1GB size
9.7Defect ID: CSCvx32806
Access Points stuck in bootloop due to image checksum verification failed
9.7Defect ID: CSCwc94466
Cisco ASA/FTD Firepower 2100 SSL/TLS Denial of Service Vulnerability

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCvp05558

Per-packet load-balancing of Radius packets and invalid fragmentation

Cisco - Defect ID: CSCvp05558

Per-packet load-balancing of Radius packets and invalid fragmentation

Last updated on April 27th, 2025

BugZero Risk Score3.1 Low

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
3.1 Low